Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nu5GafwIpNQzdQkRBhOGKzFPGsc.cer
File:                     nu5GafwIpNQzdQkRBhOGKzFPGsc.cer (raw, json)
Hash identifier:          EX2pbKaq2TG+6JZF/CgSeMXSEugmoObT9APrF5L54Dk=
Subject key identifier:   9E:EE:46:69:FC:08:A4:D4:33:75:09:11:06:13:86:2B:31:4F:1A:C7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F2ABB5E956B6243415FAB5C2775ED
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6f/b9467c-84af-493a-9db9-4dd59c7c6305/1/nu5GafwIpNQzdQkRBhOGKzFPGsc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6f/b9467c-84af-493a-9db9-4dd59c7c6305/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.10.84.0/22
                          IP: 2a0e:3100::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2a:bb:5e:95:6b:62:43:41:5f:ab:5c:27:75:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eee4669fc08a4d4337509110613862b314f1ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d6:6f:8b:c6:90:88:43:0f:22:92:98:6a:79:
                    c6:49:01:0e:0c:a4:c2:dc:b9:8c:da:be:76:51:78:
                    bc:2a:56:5f:ff:d7:5f:21:6d:0e:4a:a7:fd:d1:e5:
                    14:5f:ee:ca:98:4e:b1:3b:97:1d:83:9b:86:ae:bf:
                    13:d5:84:40:1b:2b:f6:5b:ac:79:03:a5:fa:3e:63:
                    4c:a7:92:a1:72:f3:fb:85:9f:3e:24:0c:72:a1:b2:
                    e7:dd:33:db:de:69:68:ce:37:77:2c:fb:ab:14:53:
                    70:b0:4b:24:a0:38:61:21:91:51:ff:3f:67:25:96:
                    df:2f:58:2d:53:54:a3:66:17:f1:0a:ab:55:11:26:
                    ff:66:56:03:81:42:d2:c5:f4:6e:2d:a4:27:34:fc:
                    95:d6:3e:9b:dd:35:40:fb:2b:d0:23:1c:2f:83:f6:
                    6c:3e:2d:d7:0d:db:d5:e7:01:ac:91:ff:2f:e4:3c:
                    9d:66:94:86:16:82:87:b1:fa:c5:3a:43:e5:fa:32:
                    7d:c8:e2:be:99:f7:35:37:ee:26:b9:1a:0c:19:ac:
                    ff:dc:fc:c4:cf:de:59:5b:4e:02:c7:a0:ae:6d:b9:
                    99:44:c1:cf:58:36:8d:22:6d:87:d7:75:7d:a8:1b:
                    5d:2c:65:d9:1a:17:d1:3a:91:da:52:e0:d4:c4:a4:
                    bc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EE:46:69:FC:08:A4:D4:33:75:09:11:06:13:86:2B:31:4F:1A:C7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b9467c-84af-493a-9db9-4dd59c7c6305/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b9467c-84af-493a-9db9-4dd59c7c6305/1/nu5GafwIpNQzdQkRBhOGKzFPGsc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.84.0/22
                IPv6:
                  2a0e:3100::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:e0:2d:13:55:07:6b:17:77:aa:78:52:bb:3b:43:90:59:bf:
         f1:b0:1e:f1:19:1f:29:ee:1c:1c:ce:02:6f:02:ca:54:1e:e5:
         70:bf:c4:51:b9:04:46:e9:2f:cc:d7:f9:38:f2:5c:ed:fc:b4:
         f9:65:ef:98:25:6f:b9:80:a4:b0:b3:28:5c:72:8c:ce:05:5e:
         f3:1c:ce:da:7f:cf:bd:ae:b6:73:97:22:9e:a5:5b:02:09:c5:
         70:59:c4:00:a9:40:70:70:47:6d:95:61:22:b7:16:1e:d4:86:
         bb:bf:c2:7e:e0:cb:16:3e:0a:bb:0c:3e:b4:4f:f0:2b:6b:f5:
         44:90:7e:a3:55:0c:c7:26:e9:dc:f7:1b:a0:01:d2:06:e5:ca:
         ac:b9:c2:a6:5e:43:87:3a:91:14:7e:97:1e:58:a8:c7:a0:ab:
         86:9d:1a:60:b1:63:88:12:27:d6:ff:28:b0:4f:4c:6c:f8:e8:
         13:47:c6:8d:1d:bb:ef:8a:15:04:8a:5b:ea:6b:1d:96:75:7d:
         72:43:92:e4:59:e4:88:73:f3:f0:37:ef:bd:9a:d6:bb:51:57:
         0b:fb:e9:7d:10:2a:e4:af:67:8b:c6:27:d0:a8:20:e2:6a:bf:
         0f:49:0b:53:95:5d:50:18:57:d3:de:e9:2c:89:df:e8:71:d3:
         ad:74:f4:3e
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzIbyq7XpVrYkNBX6tcJ3XtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWVlNDY2OWZjMDhhNGQ0MzM3NTA5MTEwNjEzODYyYjMxNGYxYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntZvi8aQiEMPIpKYannGSQEODKTC
3LmM2r52UXi8KlZf/9dfIW0OSqf90eUUX+7KmE6xO5cdg5uGrr8T1YRAGyv2W6x5
A6X6PmNMp5KhcvP7hZ8+JAxyobLn3TPb3mlozjd3LPurFFNwsEskoDhhIZFR/z9n
JZbfL1gtU1SjZhfxCqtVESb/ZlYDgULSxfRuLaQnNPyV1j6b3TVA+yvQIxwvg/Zs
Pi3XDdvV5wGskf8v5DydZpSGFoKHsfrFOkPl+jJ9yOK+mfc1N+4muRoMGaz/3PzE
z95ZW04Cx6CubbmZRMHPWDaNIm2H13V9qBtdLGXZGhfROpHaUuDUxKS8rQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJ7uRmn8CKTUM3UJEQYThisxTxrHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZmL2I5NDY3
Yy04NGFmLTQ5M2EtOWRiOS00ZGQ1OWM3YzYzMDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmYvYjk0Njdj
LTg0YWYtNDkzYS05ZGI5LTRkZDU5YzdjNjMwNS8xL251NUdhZndJcE5RemRRa1JC
aE9HS3pGUEdzYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLQpUMA0EAgACMAcDBQMqDjEAMA0GCSqGSIb3
DQEBCwUAA4IBAQB/4C0TVQdrF3eqeFK7O0OQWb/xsB7xGR8p7hwczgJvAspUHuVw
v8RRuQRG6S/M1/k48lzt/LT5Ze+YJW+5gKSwsyhccozOBV7zHM7af8+9rrZzlyKe
pVsCCcVwWcQAqUBwcEdtlWEitxYe1Ia7v8J+4MsWPgq7DD60T/Ara/VEkH6jVQzH
Junc9xugAdIG5cqsucKmXkOHOpEUfpceWKjHoKuGnRpgsWOIEifW/yiwT0xs+OgT
R8aNHbvvihUEilvqax2WdX1yQ5LkWeSIc/PwN++9mta7UVcL++l9ECrkr2eLxifQ
qCDiar8PSQtTlV1QGFfT3uksid/ocdOtdPQ+
-----END CERTIFICATE-----